incineroar: refactor nix-shell into new playground for generative software

.cursorignore

@@ -0,0 +1,2 @@
+secrets.nix
+litellm.yaml

.gitignore

@@ -2,4 +2,5 @@
 secrets.nix
 archive/
 glance/config.yaml
-litellm.yaml
+litellm.yaml
+result

.vscode/extensions.json

@@ -0,0 +1,5 @@
+{
+  "recommendations": [
+    "bbenoist.nix"
+  ]
+}

incineroar.brenise.dev/configuration.nix

@@ -0,0 +1,403 @@
+{ config, pkgs, lib, ... }: 
+let
+  # Add nixpkgs-unstable channel with the following command:
+  # nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable && nix-channel --update
+  unstable = import <nixpkgs-unstable> { config = config.nixpkgs.config; };
+  host_name = "incineroar";
+  host_fqdn = "${host_name}.brenise.dev";
+in
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      "nvidia-x11"
+      "nvidia-settings"
+      "nvidia-persistenced"
+      "steam"
+      "steam-original"
+      "steam-unwrapped"
+      "steam-run"
+    ];
+  hardware = {
+    graphics.enable = true;
+    nvidia = { # RTX 2080 Ti
+      open = true;
+    # package = config.boot.kernelPackages.nvidiaPackages.beta;
+    # modesetting.enable = true; # needed for Wayland compositors, might fix screen tearing
+    };
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  hardware.bluetooth.enable = true;
+
+  networking = {
+    hostName = "${host_name}";
+    firewall.enable = false;
+    interfaces = {
+      enp3s0.ipv4.addresses = [{
+        address = "192.168.1.36";
+        prefixLength = 24;
+      }];
+    };
+    defaultGateway = {
+      address = "192.168.1.1";
+      interface = "enp3s0";
+    };
+    # TODO https://nixos.wiki/wiki/Encrypted_DNS
+    nameservers = [ "1.1.1.1" "8.8.8.8" ];
+  };
+
+  time.timeZone = "America/Los_Angeles";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+#   keyMap = "us";
+    useXkbConfig = true; # use xkbOptions in tty.
+  };
+
+  users = {
+    users = {
+
+      root = {
+        openssh.authorizedKeys.keyFiles = [
+          /etc/nixos/ssh/authorized_keys
+        ];
+      };
+
+      blee = {
+        openssh.authorizedKeys.keyFiles = [
+          /etc/nixos/ssh/authorized_keys
+        ];
+        isNormalUser = true;
+        extraGroups = [ "wheel" ];
+        packages = with pkgs; [
+          gnumake
+          chromium
+          firefox
+          ffmpeg
+          obs-studio
+          kate # kwrite
+          glances
+          libsForQt5.kcalc
+          # slack # sso auth very broken
+          synergy
+
+          # Build vim huge with clipboard support
+          (vim_configurable.overrideAttrs (oldAttrs: {
+            features = "huge";
+          }))
+          python311
+          python311Packages.pip
+          python311Packages.ipython
+          python311Packages.huggingface-hub
+          curl
+          dnsutils
+          git
+          git-lfs
+          jq
+          imagemagick
+          pass
+          netcat
+          mediainfo
+          tmux
+          vlc
+          wget
+        ];
+      };
+
+#     steam = {
+#       openssh.authorizedKeys.keyFiles = [
+#         /etc/nixos/ssh/authorized_keys
+#       ];
+#       isNormalUser = true;
+#       extraGroups = [ "wheel" ];
+#     };
+
+      timburr = {
+        openssh.authorizedKeys.keyFiles = [
+          /etc/nixos/ssh/authorized_timburr_keys
+        ];
+        isNormalUser = true;
+        extraGroups = [ "wheel" ];
+      };
+    };
+  };
+
+  environment = {
+    systemPackages = with pkgs; [
+      cryptsetup
+      doas
+      dig
+      file
+      fzf
+      htop
+      libressl
+      nettools
+      parted
+      psmisc
+      rsync
+      screen
+      tcpdump
+      tree
+      vim
+      wireguard-tools
+      whois
+      # GPU tools
+      inxi
+      glxinfo
+      pciutils # lspci
+      vulkan-tools
+    ];
+
+    shellInit = ''
+      pheonix() {
+          systemctl restart "$1"
+          journalctl -fu "$1"
+      }
+    '';
+
+    plasma5.excludePackages = with pkgs.libsForQt5; [
+      #elisa # music player
+      #gwenview # image viewer
+      #okular # document viewer
+      #oxygen # widgets
+      #khelpcenter
+      #konsole
+      plasma-browser-integration
+      #print-manager
+    ];
+  };
+
+  programs = {
+    fish.enable = true;
+    tmux = {
+      enable = true;
+      extraConfig = ''
+        set-option -g default-shell ${pkgs.fish}/bin/fish
+      ''; # This doesn't seem to work
+    };
+    vim = {
+      enable = true;
+      defaultEditor = true;
+    };
+    bash = {
+      shellAliases = {
+        ll = "ls -lAF --classify --group-directories-first";
+        l  = "ls -lF --classify --group-directories-first";
+      };
+      # https://nixos.wiki/wiki/Fish
+      interactiveShellInit = ''
+        if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+        then
+          shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+          exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+        fi
+      '';
+    };
+    mtr.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    steam.enable = true;
+    chromium = {
+      enable = true;
+      extraOpts = {
+        "SpellcheckEnabled" = false;
+      };
+    };
+  };
+
+  security = {
+    sudo.enable = false;
+    doas = {
+      enable = true;
+      extraRules = [
+        {
+          users = [ "blee" ];
+          persist = true;
+        }
+        {
+          users = [ "timburr" ];
+          noPass = true;
+          cmd = "reboot";
+        }
+        {
+          users = [ "timburr" ];
+          noPass = true;
+          cmd = "halt";
+        }
+      ];
+    };
+  };
+
+  services = {
+
+    openssh.enable = true;
+
+    # https://discourse.nixos.org/t/bluetooth-a2dp-sink-not-showing-up-in-pulseaudio-on-nixos/32447/4?u=bleetube
+    pipewire = {
+      enable = true;
+      pulse.enable = true;
+    };
+
+    syncthing = {
+        enable = true;
+        user = "blee";
+        dataDir = "/home/blee/Documents";
+    };
+    journald.extraConfig = "MaxRetentionSec=30day";
+
+    # https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+    prometheus.exporters.node = {
+      enable = true;
+      port = 8030;
+#     openFirewall = true;
+      enabledCollectors = [
+        "cpu.info"
+        "interrupts"
+        "netstat"
+        "vmstat"
+        "systemd"
+        "tcpstat"
+        "processes"
+      ];
+    };
+
+    caddy = {
+      enable = true;
+      logFormat = "output discard";
+      extraConfig = let
+        tlsConfig = ''
+          tls {
+            dns namecheap {
+              api_key {env.NAMECHEAP_API_KEY}
+              user {env.NAMECHEAP_API_USER}
+              api_endpoint https://api.namecheap.com/xml.response
+            }
+          }
+        '';
+      in ''
+        ${host_fqdn}:4430 { # node_exporter
+          ${tlsConfig}
+          reverse_proxy http://127.0.0.1:8030
+        }
+
+        ${host_fqdn} { # open-webui
+          ${tlsConfig}
+          reverse_proxy http://127.0.0.1:8080
+
+        }
+        ${host_fqdn}:4431 { # litellm
+          ${tlsConfig}
+          reverse_proxy http://127.0.0.1:8031
+        }
+        ${host_fqdn}:4434 { # ollama
+          ${tlsConfig}
+          reverse_proxy http://127.0.0.1:11434
+        }
+
+        ${host_fqdn}:4432 { # comfyui
+          ${tlsConfig}
+          reverse_proxy http://127.0.0.1:8081
+
+          handle /output/* {
+            root /opt/comfyui
+            file_server browse
+          }
+          handle /meeseeks/* {
+            root /mnt/meow/squirtle/var/ftp
+            file_server browse
+          }
+
+        }
+
+        ${host_fqdn}:4440 { # sunshine
+          ${tlsConfig}
+          reverse_proxy http://127.0.0.1:47990
+        }
+
+      '';
+    };
+
+    sunshine.enable = true;
+    displayManager = {
+      sddm.enable = true;
+      #defaultSession = "plasmawayland";
+    };
+    xserver = {
+      enable = true;
+      videoDrivers = ["nvidia"]; # nvidia-smi, kernel-modules
+      desktopManager.plasma5.enable = true;
+    };
+  # ollama = {
+  #   enable = true;
+  #   package = unstable.ollama; # outdated
+  # # port = 8034; # not in stable yet
+  # };
+  };
+
+  systemd = {
+    services = {
+
+      playground = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+        serviceConfig = {
+          Type = "forking";
+          User = "blee";
+          WorkingDirectory = "/opt/playground";
+          Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
+        };
+        script = "${pkgs.nix}/bin/nix-shell";
+      };
+
+      caddy = {
+        serviceConfig = {
+          EnvironmentFile = "/var/src/secrets/namecheap";
+          ExecStart = [
+            ""  # This empty string clears the existing ExecStart commands
+            "/opt/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile"
+          ];
+          ExecReload = [
+            ""  # This empty string clears the existing ExecReload commands
+            "/opt/bin/caddy reload --config /etc/caddy/caddy_config --adapter caddyfile --force"
+          ];
+
+        };
+      };
+
+      "sleep-at-night" = {
+        script = ''
+          ${pkgs.utillinux}/bin/rtcwake -m no -l -t "$(date +\%s -d 'tomorrow 10:00')"
+          ${pkgs.systemd}/bin/systemctl suspend
+        '';
+        serviceConfig = {
+          Type = "oneshot";
+        };
+      };
+    }; # services
+
+
+    timers."sleep-at-night" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "*-*-* 20:00:00";
+      # Persistent = true;
+      };
+    };
+  };
+
+  system.stateVersion = "23.11";
+}

incineroar.brenise.dev/install.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+set -e
+set -x
+
+TARGET=192.168.1.19
+TARGET_MAC=d8:5e:d3:82:9c:35
+
+function FORMAT_DISK ()
+{
+    dd if=/dev/zero count=1 bs=21M of=/dev/nvme0n1
+    parted /dev/nvme0n1 -- mklabel gpt
+    parted /dev/nvme0n1 -- mkpart primary 512MB 100%
+    mkfs.ext4 -L nixos /dev/nvme0n1p1
+    sync # wait for device to be ready
+    mount /dev/disk/by-label/nixos /mnt
+
+    # Create a new ESP
+    parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB
+    parted /dev/nvme0n1 -- set 2 esp on
+    mkfs.fat -F 32 -n boot /dev/nvme0n1p2
+    sync # wait for device to be ready
+    mkdir -p /mnt/boot
+    sleep 3 # wait for device to be ready
+    mount /dev/disk/by-label/boot /mnt/boot
+
+    # Or use an existing ESP (must have same boot loader type, ie. grub or systemd-boot)
+    #mkdir -p /mnt/boot
+    #mount /dev/nvme0n1p1 /mnt/boot
+
+    nixos-generate-config --root /mnt
+}
+ping -c1 ${TARGET} 2>&1 > /dev/null || (echo "Target not found. Exiting." && exit 1)
+if ! arp -n | grep $TARGET_MAC; then
+    echo "Target not found in ARP table. Exiting."
+    exit 1
+fi
+
+echo "Install NixOS on ${TARGET}? You must set a password on the target before running this."
+echo "Press enter to continue or ctrl+c to quit."
+read
+
+ssh-keygen -R ${TARGET}
+ssh-copy-id nixos@${TARGET}
+
+COMMANDS="
+sudo cp -r /home/nixos/.ssh /root/.;
+sudo chown -R root:root /root/.ssh;
+"
+ssh -t nixos@${TARGET} "${COMMANDS}"
+
+ssh root@${TARGET} "$(typeset -f FORMAT_DISK); FORMAT_DISK"
+
+scp configuration.nix root@${TARGET}:/mnt/etc/nixos/
+
+# copy authorized keys to both the target and the target's chroot, because nixos-install runs outside the chroot
+ssh root@${TARGET} mkdir -p /etc/nixos/ssh /mnt/etc/nixos/ssh
+if [ -f ~/.ssh/ansible_root_keys ]; then
+    scp ~/.ssh/ansible_root_keys root@$TARGET:/mnt/etc/nixos/ssh/authorized_keys
+    scp ~/.ssh/ansible_root_keys root@$TARGET:/etc/nixos/ssh/authorized_keys
+    scp ~/.ssh/ansible_timburr_keys root@$TARGET:/mnt/etc/nixos/ssh/authorized_timburr_keys
+    scp ~/.ssh/ansible_timburr_keys root@$TARGET:/etc/nixos/ssh/authorized_timburr_keys
+else
+    scp ~/.ssh/authorized_keys root@${TARGET}:/etc/nixos/ssh/authorized_keys
+    scp ~/.ssh/authorized_keys root@${TARGET}:/mnt/etc/nixos/ssh/authorized_keys
+fi
+
+echo "Press [Enter] to run nixos-install on the target, or press ctrl+c to stop and do it manually."
+read
+ssh root@${TARGET} nixos-install
+#ssh root@${TARGET} openssl dhparam -out /etc/ssl/dhparams.pem 3072
+
+ssh-keygen -R ${TARGET}
+echo "Done."
+echo
+echo "You should set a password before restarting in case networking doesn't come up on first boot. To chroot run this:"
+echo "nixos-enter --root /mnt"
+echo "passwd"
+
+ssh-keygen -R ${TARGET}

incineroar.brenise.dev/opt/ollama/shell.nix

@@ -0,0 +1,5 @@
+{ pkgs ? import <nixpkgs> {} }:
+(pkgs.buildFHSEnv {
+  name = "ollama-fhs-env";
+  runScript = "tmux new-session ./bin/ollama serve";
+}).env

incineroar.brenise.dev/opt/playground/Makefile

@@ -0,0 +1,40 @@
+# Makefile for managing virtual environments
+
+VENV_OPEN_WEBUI=.venv_open_webui
+VENV_LITELLM=.venv_litellm
+ACTIVATE_OPEN_WEBUI=$(VENV_OPEN_WEBUI)/bin/activate
+ACTIVATE_LITELLM=$(VENV_LITELLM)/bin/activate
+
+.PHONY: install install_open_webui install_litellm update update_open_webui update_litellm
+
+install_open_webui:
+	@echo "Creating open-webui environment..."
+	python -m venv $(VENV_OPEN_WEBUI)
+	. $(ACTIVATE_OPEN_WEBUI) && \
+	pip install -U pip open-webui && \
+	deactivate
+
+install_litellm:
+	@echo "Creating litellm environment..."
+	python -m venv $(VENV_LITELLM)
+	. $(ACTIVATE_LITELLM) && \
+	pip install -U pip litellm[proxy] && \
+	deactivate
+
+install: install_open_webui install_litellm
+	@echo "All environments created and packages installed."
+
+update_open_webui:
+	@echo "Updating open-webui environment..."
+	source $(ACTIVATE_OPEN_WEBUI) && \
+	pip install -U open-webui && \
+	deactivate
+
+update_litellm:
+	@echo "Updating litellm environment..."
+	source $(ACTIVATE_LITELLM) && \
+	pip install -U litellm[proxy] && \
+	deactivate
+
+update: update_open_webui update_litellm
+	@echo "All environments updated."

incineroar.brenise.dev/opt/playground/README.md

@@ -0,0 +1,48 @@
+# Generative Playground
+
+This Nix environment starts a tmux session with:
+
+- ComfyUI
+- Ollama
+- Open-webui
+
+It uses a shell script to launch these services on NixOS.
+
+## Installation
+
+```sh
+mkdir -p /opt/playground
+cp -v opt/playground/{Makefile,run-playground.sh, shell.nix} /opt/playground/
+cd /opt/playground
+make install
+```
+
+## Configuration
+
+Sample `.env` file:
+
+```sh
+export LITELLM_MASTER_KEY= ...
+export ANTHROPIC_API_KEY=...
+export GOOGLE_API_KEY=...
+```
+
+## Update
+
+```sh
+cd /opt/playground
+make update
+```
+
+## Running
+
+```sh
+cd /opt/playground
+nix-shell
+```
+
+## Copypasta
+
+```sh
+rsync -tv opt/playground/{run-playground.sh,shell.nix,Makefile} roar:/opt/playground/
+```

incineroar.brenise.dev/opt/playground/run-playground.sh

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+
+# ComfyUI Tmux Launcher
+#
+# This script starts ComfyUI in a detached tmux session. It allows for easy
+# configuration of session name, port, listen address, and low VRAM mode.
+#
+# Usage:
+#   ./script.sh [SESSION_NAME] [PORT] [LISTEN_ADDRESS] [LOWVRAM]
+#
+# Arguments:
+#   SESSION_NAME   : Name of the tmux session (default: playground)
+#   PORT           : Port number for ComfyUI to listen on (default: 8080)
+#   LISTEN_ADDRESS : IP address to bind to (default: 127.0.0.1)
+#   LOWVRAM        : Enable low VRAM mode (default: false)
+#
+# Examples:
+#   1. Run with default settings (uses system hostname):
+#      ./script.sh
+#
+#   2. Custom session name:
+#      ./script.sh mycustomsession
+#
+#   3. Custom session, port, and address:
+#      ./script.sh mycustomsession 8090 0.0.0.0
+#
+#   4. Enable low VRAM mode:
+#      ./script.sh imagegen 8080 127.0.0.1 true
+#
+# Note: This script requires tmux to be installed and a virtual environment
+# to be set up in the .venv directory.
+
+# Exit on error, undefined variables, and print commands
+set -e
+
+# Default values (can be overridden by command-line arguments)
+# Use "playground" as default session name if not provided
+SESSION_NAME="${1:-playground}"
+OPEN_WEBUI_PORT="${2:-8080}"
+LITELLM_PORT="${3:-8031}" # consistent with litten
+COMFYUI_PORT="${4:-8081}"
+COMFYUI_LOWVRAM="${5:-false}"
+
+if tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
+    echo "Session '$SESSION_NAME' already exists. No action taken."
+    exit 0
+fi
+
+# Check if tmux session already exists
+if ! tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
+
+    # Create new detached tmux session, starting with open-webui and litellm
+    tmux new-session -d -s "$SESSION_NAME" -n "textgen"
+    tmux send-keys -t "$SESSION_NAME":0 "cd /opt/playground && source .venv_open_webui/bin/activate.fish && open-webui serve --port $OPEN_WEBUI_PORT" C-m
+    tmux split-window -v -t "$SESSION_NAME":0
+    tmux send-keys -t "$SESSION_NAME":0.1 "cd /opt/playground && source .venv_litellm/bin/activate.fish && source .env && litellm --telemetry False --config ./litellm.yaml --host 127.0.0.1 --port $LITELLM_PORT" C-m
+
+    # Start ollama in a new window
+    tmux new-window -t "$SESSION_NAME" -n "ollama"
+    tmux send-keys -t "$SESSION_NAME":1 "cd /opt/ollama && ./bin/ollama serve" C-m
+
+    # Prepare the ComfyUI launch command
+    COMFYUI_BASE_COMMAND="python main.py --port $COMFYUI_PORT --listen 127.0.0.1"
+    if [ "$COMFYUI_LOWVRAM" = "true" ]; then
+        COMFYUI_LAUNCH_COMMAND="cd /opt/comfyui && source .venv/bin/activate.fish && $COMFYUI_BASE_COMMAND --lowvram --preview-method auto --use-split-cross-attention"
+    else
+        COMFYUI_LAUNCH_COMMAND="cd /opt/comfyui && source .venv/bin/activate.fish && $COMFYUI_BASE_COMMAND"
+    fi
+
+    # Start the ComfyUI application
+    tmux send-keys -t "$SESSION_NAME" "$COMFYUI_LAUNCH_COMMAND" C-m
+
+    # Start ComfyUI in window 2
+    tmux new-window -t "$SESSION_NAME" -n "comfyui"
+    tmux send-keys -t "$SESSION_NAME":2 "$COMFYUI_LAUNCH_COMMAND" C-m
+
+    echo "Session '$SESSION_NAME' created and ComfyUI, Ollama, and Text Generation services started."
+    echo "To connect, type: tmux attach -t $SESSION_NAME"
+else
+    echo "Session '$SESSION_NAME' already exists. Exiting."
+    exit 1
+fi

incineroar.brenise.dev/opt/playground/shell.nix

@@ -0,0 +1,10 @@
+{ pkgs ? import <nixpkgs> {} }:
+(pkgs.buildFHSEnv {
+  name = "playground-fhs-env";
+  targetPkgs = pkgs: with pkgs; [
+    tmux
+    fish
+    git # for ComfyUI-Manager
+  ];
+  runScript = "./run-playground.sh";
+}).env

litten.brenise.dev/configuration.nix

@@ -8,18 +8,18 @@ let
   host_fqdn = "${host_name}.brenise.dev";
 in
 {
-  imports = [
-    ./hardware-configuration.nix
-  ];
+# nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   nixpkgs.config = {
     allowUnfreePredicate = pkg:
       builtins.elem (lib.getName pkg) [
         "obsidian"
         "packer"
+        "reaper"
         "vscode"
         "terraform"
         "zoom"
+        "charlatan3"
       ];
   };
   nixpkgs.overlays = [
@@ -28,6 +28,14 @@ in
         propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ super.python312Packages.jmespath ];
       }); # Add jmespath to ansible build inputs
     })
+#   (self: super: {
+#     charlatan3 = super.callPackage ./overlays/clap/charlatan3.nix { };
+#   }) # https://blaukraut.info/
+  ];
+
+  imports = [
+    ./hardware-configuration.nix
+    <home-manager/nixos>
   ];
 
   boot = {
@@ -100,23 +108,26 @@ in
           "glance"
           ];
         packages = with pkgs; [
+          binutils
           chromium
           coreutils # base64
           element-desktop
           firefox
           gimp
+          gnumake
+          home-manager
           jellyfin-media-player
           kate # kwrite
           kdenlive
           libsForQt5.kcalc
         # unstable.logseq # warning: https://github.com/logseq/logseq/issues/10851#issuecomment-2402925912
+          unstable.ghostty
           moonlight-qt
           obs-studio
           obsidian
           pavucontrol
         # qbittorrent
           rtorrent
-          spek # beat saber mapping
           sq
           synergy
           tenacity
@@ -135,7 +146,7 @@ in
           }))
 
           awscli2
-         #aws-sam-cli # broken, fails to init. use pip install aws-sam-cli
+          aws-sam-cli
           packer
           terraform
           ansible
@@ -153,6 +164,9 @@ in
           nix-init
           nix-tree
           nurl
+          # music apps
+          reaper
+          spek
         ];
       };
 
@@ -167,6 +181,7 @@ in
 
     };
   };
+  home-manager.users.blee = { imports = [ ./home.nix ]; };
 
   environment = {
     systemPackages = with pkgs; [
@@ -316,6 +331,7 @@ in
       enable = true;
       pulse.enable = true;
       alsa.enable = true; # for tenacity
+    # jack.enable = true; # this might be useful for reaper, but enabling it breaks stereo audio for some reason
     };
     avahi = { # for resolving start9 hostname
       enable = true;

litten.brenise.dev/home.nix

@@ -0,0 +1,38 @@
+{ lib, pkgs, ... }:
+let
+  overlays = [
+    (self: super: {
+      charlatan3 = super.callPackage /etc/nixos/overlays/clap/charlatan3.nix { };
+    })
+  ];
+  plebpkgs = import <nixpkgs> { overlays = overlays; };
+in
+{
+  nixpkgs.config = {
+    allowUnfreePredicate = plebpkgs:
+      builtins.elem (lib.getName plebpkgs) [
+        "charlatan3"
+      ];
+  };
+  home = {
+    packages = with plebpkgs; [
+      charlatan3
+    ];
+
+    # Troubleshooting: ldd ~/.clap/Charlatan3.so  
+    # Status: Not working, Reaper doesn't load the plugin.
+#   file = {
+#     ".clap/Charlatan3.so" = {
+#       source = "${plebpkgs.charlatan3}/lib/charlatan3/Charlatan3.so";
+#     };
+#     ".local/share/charlatan3/presets" = {
+#       source = "${plebpkgs.charlatan3}/share/charlatan3/presets";
+#     };
+#   };
+
+    username = "blee";
+    homeDirectory = "/home/blee";
+
+    stateVersion = "23.11";
+  };
+}

litten.brenise.dev/opt/open-webui/Makefile

@@ -0,0 +1,40 @@
+# Makefile for managing virtual environments
+
+VENV_OPEN_WEBUI=.venv_open_webui
+VENV_LITELLM=.venv_litellm
+ACTIVATE_OPEN_WEBUI=$(VENV_OPEN_WEBUI)/bin/activate.fish
+ACTIVATE_LITELLM=$(VENV_LITELLM)/bin/activate.fish
+
+.PHONY: install install_open_webui install_litellm update update_open_webui update_litellm
+
+install_open_webui:
+	@echo "Creating open-webui environment..."
+	python -m venv $(VENV_OPEN_WEBUI)
+	source $(ACTIVATE_OPEN_WEBUI) && \
+	pip install -U pip open-webui && \
+	deactivate
+
+install_litellm:
+	@echo "Creating litellm environment..."
+	python -m venv $(VENV_LITELLM)
+	source $(ACTIVATE_LITELLM) && \
+	pip install -U pip litellm[proxy] && \
+	deactivate
+
+install: install_open_webui install_litellm
+	@echo "All environments created and packages installed."
+
+update_open_webui:
+	@echo "Updating open-webui environment..."
+	source $(ACTIVATE_OPEN_WEBUI) && \
+	pip install -U open-webui && \
+	deactivate
+
+update_litellm:
+	@echo "Updating litellm environment..."
+	source $(ACTIVATE_LITELLM) && \
+	pip install -U litellm[proxy] && \
+	deactivate
+
+update: update_open_webui update_litellm
+	@echo "All environments updated."

litten.brenise.dev/opt/open-webui/README.md

@@ -0,0 +1,24 @@
+# open-webui
+
+Installation:
+
+```sh
+mkdir -p /opt/open-webui
+cp -v opt/open-webui/{Makefile,run-open-webui.sh, shell.nix} /opt/open-webui/
+cd /opt/open-webui
+make install
+```
+
+Update:
+
+```sh
+cd /opt/open-webui
+make update
+```
+
+Running:
+
+```sh
+cd /opt/open-webui
+nix-shell
+```

litten.brenise.dev/opt/open-webui/run-open-webui.sh

@@ -12,25 +12,19 @@ if tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
     exit 0
 fi
 
-# Activate virtual environment
-source .venv/bin/activate
-
-# Source the password forr litellm
-source .env
-
 # Check if session already exists
 if ! tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
     # Create new detached session
     tmux new-session -d -s "$SESSION_NAME"
 
-    # Start the open-webui server
-    tmux send-keys -t "$SESSION_NAME" "open-webui serve" C-m
+    # Start the open-webui server in its own virtual environment
+    tmux send-keys -t "$SESSION_NAME" "source .venv_open_webui/bin/activate.fish && open-webui serve" C-m
 
-    # Start litellm in a new pane
+    # Start litellm in a new pane with its own virtual environment
     tmux split-window -v -t "$SESSION_NAME"
-    tmux send-keys -t "$SESSION_NAME" "source .env && litellm --telemetry False --config ./litellm.yaml --host 127.0.0.1 --port $LITELLM_PORT" C-m
+    tmux send-keys -t "$SESSION_NAME" "source .venv_litellm/bin/activate.fish && source .env && litellm --telemetry False --config ./litellm.yaml --host 127.0.0.1 --port $LITELLM_PORT" C-m
 
-    echo "Session '$SESSION_NAME' created and configured. To connect, type: tmux att -t $SESSION_NAME"
+    echo "Session '$SESSION_NAME' created and configured. To connect, type: tmux attach -t $SESSION_NAME"
 else
     echo "Session '$SESSION_NAME' already exists. Exiting."
     exit 1

litten.brenise.dev/overlays/clap/charlatan3.nix

@@ -0,0 +1,37 @@
+{ lib, stdenv, fetchurl, unzip, patchelf, dbus, libxcb, xcbutilkeysyms, systemd }:
+
+stdenv.mkDerivation rec {
+  pname = "charlatan3";
+  version = "3.2.0";
+
+  src = fetchurl {
+    url = "https://blaukraut.info/downloads/charlatan3_${version}_linux.zip";
+    sha256 = "sha256-DZA23vYh4rQsPVi8Xq9oc/VFa3YIIqsjZsg2rBuDqfc=";
+  };
+
+  nativeBuildInputs = [ unzip patchelf ];
+  buildInputs = [ dbus libxcb xcbutilkeysyms systemd ];
+
+  unpackPhase = "unzip $src";
+
+  installPhase = ''
+    mkdir -p $out/lib/charlatan3
+    cp Charlatan3.so $out/lib/charlatan3/Charlatan3.so
+
+    # Patch the RPATH to include necessary libraries
+    patchelf --set-rpath "${
+      lib.makeLibraryPath buildInputs
+    }" $out/lib/charlatan3/Charlatan3.so
+
+    # Copy presets
+    mkdir -p $out/share/charlatan3/presets
+    cp -r presets $out/share/charlatan3/
+  '';
+
+  meta = with lib; {
+    description = "Charlatan3 CLAP plugin for Reaper";
+    homepage = "https://blaukraut.info/";
+    license = licenses.unfreeRedistributable;
+    maintainers = with maintainers; [ bleetube ];
+  };
+}